Add nosuid,noexec and nodev where appropriate when remounting

If not we get permission errors if the host mount uses nosuid,noexec
or nodev.

Fixes #2776

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 0405f56c3c5ee5bc758746f9f70748622392a822..7c081113d64b5a92f42ce79ffd0bcfed5a2c5453 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -4609,7 +4609,8 @@ def run_build(args: Args, config: Config, *, resources: Path) -> None:
 
     for d in remount:
         if Path(d).exists():
-            run(["mount", "--rbind", d, d, "--options", "ro"])
+            options = "ro" if d in ("/usr", "/opt") else "ro,nosuid,nodev,noexec"
+            run(["mount", "--rbind", d, d, "--options", options])
 
     with (
         complete_step(f"Building {config.name()} image"),